# Contributor: Ariadne Conill <ariadne@dereferenced.org>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl1.1-compat
pkgver=1.1.1w
_abiver=${pkgver%.*}
pkgrel=1
pkgdesc="toolkit for transport layer security (TLS) - version 1.1"
url="https://www.openssl.org/"
arch="all"
license="OpenSSL"
replaces="libressl"
depends_dev="!openssl-dev"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-libs-static:_static $pkgname-dev
	libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
	man-section.patch
	ppc64.patch
	"
builddir="$srcdir/openssl-$pkgver"
pcprefix="openssl$_abiver:pc:"

# secfixes:
#   1.1.1u-r1:
#     - CVE-2023-3446
#   1.1.1t-r2:
#     - CVE-2023-0465
#   1.1.1t-r1:
#     - CVE-2023-0464
#   1.1.1t-r0:
#     - CVE-2022-4304
#     - CVE-2022-4450
#     - CVE-2023-0215
#     - CVE-2023-0286
#   1.1.1q-r0:
#     - CVE-2022-2097
#   1.1.1n-r0:
#     - CVE-2022-0778
#   1.1.1l-r0:
#     - CVE-2021-3711
#     - CVE-2021-3712
#   1.1.1k-r0:
#     - CVE-2021-3449
#     - CVE-2021-3450
#   1.1.1j-r0:
#     - CVE-2021-23841
#     - CVE-2021-23840
#     - CVE-2021-23839
#   1.1.1i-r0:
#     - CVE-2020-1971
#   1.1.1g-r0:
#     - CVE-2020-1967
#   1.1.1d-r3:
#     - CVE-2019-1551
#   1.1.1d-r1:
#     - CVE-2019-1547
#     - CVE-2019-1549
#     - CVE-2019-1563
#   1.1.1b-r1:
#     - CVE-2019-1543
#   1.1.1a-r0:
#     - CVE-2018-0734
#     - CVE-2018-0735
#   0:
#     - CVE-2022-1292
#     - CVE-2022-2068

build() {
	local _target _optflags

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
		aarch64*)	_target="linux-aarch64" ;;
		arm*)		_target="linux-armv4" ;;
		ppc)		_target="linux-ppc" ;;
		ppc64)		_target="linux-ppc64" ;;
		ppc64le)	_target="linux-ppc64le" ;;
		x86)		_target="linux-elf" ;;
		x86_64)		_target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
		s390x)		_target="linux64-s390x";;
		riscv64)	_target="linux-generic64";;
		loongarch64)	_target="linux-generic64";;
		*)		msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"

	# when cross building do not enable threads as libatomic is not avaiable
	if [ "$CBUILD" != "$CHOST" ]; then
		case $CARCH in
			riscv64) _optflags="$_optflags no-threads";;
		esac
	fi

	perl ./Configure \
		$_target \
		--prefix=/usr \
		--libdir=/usr/lib \
		--openssldir=/etc/ssl1.1 \
		shared \
		no-zlib \
		no-async \
		no-comp \
		no-idea \
		no-mdc2 \
		no-rc5 \
		no-ec2m \
		no-sm2 \
		no-sm4 \
		no-ssl2 \
		no-ssl3 \
		no-seed \
		no-weak-ssl-ciphers \
		$_optflags \
		$CPPFLAGS \
		$CFLAGS \
		$LDFLAGS -Wa,--noexecstack
	make
}

check() {
	# AFALG tests have a sporadic test failure, just delete the broken
	# test for now.
	rm -f test/recipes/30-test_afalg.t

	make test
}

package() {
	make DESTDIR="$pkgdir" install_sw install_ssldirs
	# remove the script c_rehash
	rm "$pkgdir"/usr/bin/c_rehash
	mv -f "$pkgdir"/usr/bin/openssl "$pkgdir"/usr/bin/openssl$_abiver
}

_libcrypto() {
	pkgdesc="Crypto library from openssl"
	replaces="libressl2.7-libcrypto"

	amove etc
	amove usr/lib/libcrypto*
	amove usr/lib/engines-$_abiver
}

_libssl() {
	pkgdesc="SSL shared libraries"

	amove usr/lib/libssl*
}

_static() {
	default_static
}

sha512sums="
b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d  openssl-1.1.1w.tar.gz
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a  man-section.patch
e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509  ppc64.patch
"
